CDF-110-OL1: Lab questions
You are configuring a new rule in Kiwi Syslog server. You need to add a server with 192.168.0.1 IP address. When prompted to add the start and end range of IP addresses, what should you add?
192.168.0.1 - 192.168.0.1
If you have the following IP address space, 192.168.16.0 /22, how many subnets are going to be included in
4
When configuring a Group Policy Update, you need the updates to auto download and schedule the installation. When configuring the GPO policy, which of the value should you set?
4
You have recently generated MD-5 hash of a number of files on your system. When you hash these files, what would be the length of the MD-5 hash?
48 char
Which of the symbol is likely to appear on a scan result if a computer does not have the latest service pack or update rollup?
A yellow X
You have logged on to Alien Vault application. After configuring the location, what is the next step that you need to perform?
Add the sensors
Identify the PowerShell command that will install WSUS along with the Management Tools on your system.
Add-WindowsFeature UpdateServices,UpdateServices-WidDB,UpdateServices-Services -IncludeManagementTools
After installing WSUS, you notice a yellow exclamation point icon, appended to the flag on the Server Manager Dashboard. What does this indicate?
Additional configuration is required.
When working in the production environment, where should you avoid adding the "permit ip any any" entry in an IP access list?
As the last entry in the access list
You have executed the following command: clear ip access-list counters. What would be the likely output of this command?
Clears the counters for all access lists
You are currently logged in to Alien Vault with the Admin account. You want to add another user account. On the admin console, which tab should you visit to add this user account?
Configuration
In the Cisco ASDM, after you have created and added a user while setting up SSL VPN, what is the next step that must perform?
Create a new group policy
when creating a GRE tunnel, what is the very first step that you must perform?
Create a virtual tunnel interface in global config
You have created a Group Policy Object (GPO) for WSUS that needs to assign updates to a specific department in your organization. After creating the GPO, what is the next step that you are likely to perform?
Create an Organizational Unit (OU) and move required computers in it
You typically use the https://www.ultratools.com/dnsTools Website for troubleshooting the DNS related issues. You want to get the DNS performance information to troubleshoot various performance issues with DNS. Which of the following tool are you likely to use?
DNS Hosting Speed
When you enter a URL in the Web browser's address bar and press enter, from which of the following location does the computer attempts to lookup the domain name?
DNS cache on the client
You want to troubleshoot email and DNS issues using the www.dnsstuff.com Website. You only know the zone name that you want to use for troubleshooting. Which of the following tool is most appropriate in this case?
DNSreport
Identify the output of the following command: ip access-list extended PLAB
Defines an extended IP access list PLAB and enters in the configuration mode
Identify the output of the following command: show ip access-list
Displays the contents of all current IP access lists
While creating an index, you notice that the it displays the files extensions to be .pst, .dbx, .msf and so on. Which type of file type would have you selected?
Emails and Attachments
When configuring the ASA firewall, you have just configured the interface via the command line. What is the next step that you should perform?
Enable the HTTP server
During a forensics investigation, you need to access a USB thumb drive that you found on the crime scene. Before accessing the USB thumb drive, what must you do?
Enable write protection
You have logged into the Cisco ASDM-IDM. What must you do to configure interfaces in the management console?
Get into the Configuration mode
After identifying a victim, what is the attacker likely to do as the next step?
Get to personally know the victim
Using the Nmap client on Windows, you have performed a scan of a system with an IP address, 192.168.0.1. In the client, which tab should you view to review the complete scan details, such as state, open and closed ports, scanned ports, and last boot?
Host Details
Note the following output: NYEDGE2#ping 172.14.0.1 source 192.168.16.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.14.0.1, timeout is 2 seconds: Packet sent with a source address of 192.168.16.2 ..U.U What does the . (dot) denote in this output?
Indicates the network server timed out while waiting for a reply
While reviewing the MBSA scan report, one of the result is marked with the blue asterisk. What does this indicate?
Information on best practice checks
In the given command, netstat -e -t 5, what does -e and -t signify?
Interval for repeat updates
Identify the output of the following command: 3' and 1=0 union select null, user() #
Lists the main user from the OS where DVWA is installed
While configuring a SSL VPN connection using Cisco ASDM, if you do not have a TACACS server configured for authentication, which other option will you have to choose?
Local user database
In AlientVault, if you get a value of 0 in the Risk column, what does it denote?
Low-risk value
You are looking for a free product that helps you to check for available updates for Windows, Microsoft Data Access Components (MDAC), MSXML (Microsoft XML Parser), .NET Framework, and SQL Server. You also need this product to scan the systems for insecure configuration. Which of the following product is likely to meet your requirement?
Microsoft Baseline Security Analyzer (MBSA)
To be able to configure a GRE tunnel, which of the following command should you execute first?
NYWAN1(config-if)#ip address 172.16.16.1 255.255.255.0
You had downloaded and installed Nessus Professional trial version. However, after one week, you are unable to run the application. What could be the reason?
Nessus has expired.
When accessing Nessus via a web browser, you encounter a message related to a security certificate issue. What is the possible cause of this message?
Nessus is using a self-signed SSL certificate.
You want to investigate processes taking place on the network. You want to also display all the ports and their condition together with the PID that might be using or listening to the port for traffic to arrive or pass through. Which of the following command is likely to be useful to you in this case?
Netstat
You have executed the following command: nmap -F 192.168.0.1. Which of the following will be the result?
Nmap will scan 100 most commonly used ports in a fast scan.
In the Alien Vault dashboard, on the Environment tab, you notice that the OVERVIEW menu is empty. What could be the possible reason?
No scans have yet been completed.
From the Alien Vault's dashboard, you visit the Reports section. You want to download the report and share it with your supervisor. Which format should you choose for generating the report?
Using the Nmap client on Windows, you have performed a scan of a system with an IP address, 192.168.0.1. You want to view the open ports on the system and the services that are using these ports. Which of the following tab is likely to provide this information?
Ports / Hosts
Using your system on which you have Wireshark installed, you want to capture the packets from all systems on your subnet. To be able to do this, which mode should you enable for the Ethernet adapter in Wireshark?
Promiscuous mode
Other than protecting the integrity of information, which other purpose should you use a cryptographic tool for?
Protecting confidentiality
If you are unable to connect to the router via SSH from the Fa 1/0/1 interface on the NYCORE1 switch, what must you do?
Run the no shutdown command on the Fa 1/0/1 interface of the switch
What will be the range of subnets that will be scanned if you enter nmap 192.168.0.0/20 command?
Scans between 192.168.0.0 - 192.168.15.255
Several events are captured in Alien Vault. You notice that the from a specific IP address a number of sudo sessions are opened. In the given graphic, what do you interpret of the sudo sessions?
Sudo sessions are opened locally.
Your organization has recently revised the security policies and need all the network devices to store their logs in a centralized location. You should be able to review informational or error messages from the central location. To be able to meet this goal, which of the following should you implement?
Syslog server
What will be the output if execute the command, Shutdown /r /t 5, on your own system?
System will be restart after 5 seconds of command execution.
After capturing several packets in Wireshark, you notice that they are coded with different colors. You notice that a number of packets are marked with black color. What would this be indicative of?
TCP packets with problems
You want to filter the traffic for Microsoft. Which of the following would be the correct filter to use?
Tcp contains Microsoft
After the username and password are entered and successful authentication, the home page of SSL VPN Service Web application is displayed. However, you notice that the defined bookmark in the right pane is disabled. What could be the reason?
The ASA cannot resolve the address of this server.
You have executed the following command on the switch: switchport port-security mac-address sticky
The MAC address will stick into the memory.
You want to enable port security on NYCORE1 switch. To be able to do this, what must you ensure for the port?
The port must be explicitly configured as an access port.
You are entering the following command in TigerVNC to connect with a remote Linux system: 192.168.0.3:1. What does the value of :1 signify in this command?
The port number on which you are connecting
If you execute the command, no secure boot-image, what would be its output?
The secure image feature will be disabled.
You have configured Performance Monitor on a server and added the %Processor time counter. What would be the reason for adding this counter?
To measure how much time processor spends on any process
You need to install WSUS on a hard drive that has compression enabled. Before you begin the installation, what must you do to ensure that installation requirements are met?
Uncompress the hard drive
What are you supposed to do if you receive an activation failed error?
Use the Web browser to request a new activation code
You have a zip file that contains individual emails and files. You want to list all of them in a text file using OSForensics. To be able to do this, what must you do?
Use the signature creation function
When logged on to Kali Linux, you need to open LeafPad. What would be the correct menu navigation that you should choose?
Usual Applications > Accessories > Leafpad
You have downloaded an installer from a software vendor's Website. Before initiating the installation, you want to ensure that the installer is legitimate and has not been tempered with. What should you do?
Verify the MD5 signature of the installer with the one published by the software vendor
A user has deleted a few files before quitting his job. No one has used his system after that. What are your chances of recovering these files?
Very high
ou want to use social engineering attack on an organization and gain access to confidential information. You have identified the victim who will lead you to the information. After identifying, which of the following method can possibly help you to gain information about the victim?
Victim's social networking pages
After generating a report, you need to save it. Identify the methods that are supported by Nessus for saving the report.
-Database -HTML -CSV
If you enter the following command: switchport port-security maximum 1 Only one MAC address will be learned. What will happen to the second MAC address?
-It will not stick. -It will not be learned
You have narrowed down a person for social engineering who can provide possible information to grab some confidential information from a company. You visit the possible victim's page on Facebook. On this page, what is the critical information you need to look that might be useful to perform a social engineering attack?
-Mobile number -Email account
If you enter the following command in the User ID field: 3' and 1=0 union select null,concat(first_name,0x0a,password) from users # What values are going to be displayed
-Password hash -First name
After scanning a hard drive image for deleted files in ProDiscover Basic, you want to export the findings into a report. In this scenario, which two file formats will be supported?
-RTF -TXT
You have just added a dd image in the OSForensics application. When creating a new index, what is the next step that you are supposed to perform?
-Select a custom template -Select the file types
You need to connect to a Windows Server by specifying its IP address in Putty. When you initiate the connection, you are prompted with the following error: Network error: Connection refused. What could be the probable cause?
-Telnet Service here might not be running. -Telnet Service might not be listening on the specified port.
You want to create a GRE tunnel on your router and connect with another router. To be able to do this, which of the following information would you need?
-Tunnel IP Address -Destination IP Address -Tunnel source interface
You want to ping a server on the network but want to limit the number of echo counts to 30. Which parameter should you use with the ping command to achieve this goal?
-n
If on a network, a client does not yet have an IP address when it sends a DHCPDISCOVER message, which IP address will be used as a source IP address?
0.0.0.0
You have omitted the source-wildcard from the IP access list. In this situation, which mask would be used in the IP access list?
0.0.0.0
Identify the configurations that you would need to perform to enable remote access to the ASA firewall: 1. An IP address either on an internal interface on the firewall, or the management interface (which you will use) 2. The HTTP server enabled on the firewall 3. An access list enabling remote access to the device 4. A username and password to authenticate with
1, 2, 3, 4
When configuring Kiwi Syslog server on a Windows Server to collect events from various server, you want to ensure that you do not exceed the limit supported by the Syslog server. In this case, what is the maximum number of rules should you be able to define ?
100
You have a large network that also includes legacy operating systems like Windows Vista and Windows 98 along with Windows 8, Windows 8.1, and Windows 7. You implement Microsoft Baseline Security Analyzer (MBSA) 2.3 on a Windows 8 system. Identify the operating systems that will be excluded from the MBSA scan.
Windows 98
You want to capture packets from a system but when you start Wireshark using administrative privileges, you notice that the Capture button is greyed out. What could be the possible reason?
You have not first selected the Ethernet adapter.
When creating a data collector set using the wizard in Performance Monitor, what is the next thing you create after defining a name for the data collector set?
alert
You need to generate an RSA key. What must you do to ensure that an RSA key can be successfully generated?
configure a domain
You have captured several password hashes in a text file. You want to crack the passwords now. What should be your next step to do so?
create a word list
Which of the following Website is likely to provide this type of output?
https://mxtoolbox.com/
You want to perform operating system (OS) detection of a remote host, 192.168.0.1. You also want to detect its build number. Which command is likely to provide the required output?
nmap -O localhost
In a given range, 192.168.0.1-10 of your network, you want to detect the online systems without having to ping each individual system. Which of the following command will help you achieve this goal?
nmap -sP 192.168.0.1-10
You want to perform scanning of two hosts, PLABWEB and PLABPROXY, on your network but using their DNS names. Which of the following command would be most appropriate?
nmap PLABWEB PLABPROXY
You want to perform a UDP scan against a host with the IP address, 192.168.0.1. Which parameter of nmap should you use in this case?
sU
You want to view which inbound and outbound access lists are set on an interface, gigabitEthernet 0/0. Which command will help you achieve this?
show ip interface gigabitEthernet 0/0
You want to capture traffic and want to use a filter to show only SYN packets. Which of the following filter will help you enable this capture?
tcp.flags.syn==1 && tcp.flags.ack==0
